The UwU exploiter has once again struck, stealing $3.5 million from the lend protocol as it commences to reimburse breach victims.
In an ongoing cryptocurrency exploit, the UwU Lend protocol, which was compromised for nearly $20 million on June 10, is once again under attack.
Cyvers, a onchain data analytics platform, informed the protocol of the attack, asserting that the perpetrators were identical to those who executed the previous $20 million exploit.
The ongoing exploit has already misappropriated $3.5 million from various asset pools, including uDAI, uWETH, uLUSD, uFRAX, uCRVUSD, and uUSDT. The attacker’s address is 0x841dDf093f5188989fA1524e7B893de64B421f47, and all stole assets have been transferred to Ether.
UwU initiated the reimbursement process earlier today, just hours prior to the second exploit, which transpired within three days of the $20 million exploit.
Price manipulation was the cause of the initial UwU Lend exploit. Initially, the perpetrator utilized a flash loan to exchange USDe for other tokens, resulting in a decrease in the price of USDe and sUSDe respectively. The perpetrator subsequently deposited the tokens in UwU Lend and lent a greater amount of sUSDe than anticipated, which resulted in a rise in the USDe price.
In the same vein, the perpetrator deposited sUSDe into UwU Lend and borrowed a greater amount of CRV than anticipated. Ultimately, the assailants obtained tokens worth nearly $20 million by manipulating prices. Subsequently, the exploiter converted all of the misappropriated funds into ETH.
The lend protocol was in the process of reimbursing exploit victims and announced to X that they had repaid all bad debt for the $wETH market, which amounted to 481.36 $wETH ($1,734,042). The protocol reimbursed a total of $9,715,288.
The UwU claimed to have identified the vulnerability responsible for the exploit and declared that it was exclusive to the USDe market oracle.
The protocol stated that the vulnerability has been resolved, and all other markets have been “re-audited by industry professionals and auditors with no issues or concerns discovered.”
CertiK, a crypto security firm, informed Cointelegraph that the exploit in progress is not the same vulnerability, but rather a result of its exploitation on June 10. The assailant was still in possession of a number of uUSDE tokens that they acquired from the first exploit, according to CertiK.
The UwULend protocol continued to regard uUSDE as legitimate collateral, despite the protocol’s a pause. This allowed the attackers to exploit the remaining uUSDE and deplete the remaining pools of the UwULend protocol, according to CertiK.
Also Read: OKX probes multi-million account thefts following SIM swaps
Wallets